Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/NN5FEOuiHxY1Bvso71tcqyzn_FE.roa
File:                     NN5FEOuiHxY1Bvso71tcqyzn_FE.roa (raw, json)
Hash identifier:          7EWjQpvHUKMEyVbnAaBmxeMu442W3fbOYetHWSn3Aqo=
Subject key identifier:   34:DE:45:10:EB:A2:1F:16:35:06:FB:28:EF:5B:5C:AB:2C:E7:FC:51
Certificate issuer:       /CN=1c5c72ee422c61667e3056de6b3ffce034305175
Certificate serial:       018CC3B67AEECFEDF850BFECE9F0FBAB2489
Authority key identifier: 1C:5C:72:EE:42:2C:61:66:7E:30:56:DE:6B:3F:FC:E0:34:30:51:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HFxy7kIsYWZ-MFbeaz_84DQwUXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/NN5FEOuiHxY1Bvso71tcqyzn_FE.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60635
IP address blocks:        95.66.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/HFxy7kIsYWZ-MFbeaz_84DQwUXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/HFxy7kIsYWZ-MFbeaz_84DQwUXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HFxy7kIsYWZ-MFbeaz_84DQwUXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7a:ee:cf:ed:f8:50:bf:ec:e9:f0:fb:ab:24:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c5c72ee422c61667e3056de6b3ffce034305175
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34de4510eba21f163506fb28ef5b5cab2ce7fc51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:80:18:bf:7e:6d:47:05:c4:16:45:a9:08:12:
                    8a:2e:76:91:86:1d:e2:fc:fc:9b:66:5a:10:87:b0:
                    65:e8:79:0e:b4:67:1a:6f:4b:b4:92:42:97:cc:f8:
                    e7:c8:66:cc:f5:52:ff:29:db:b3:f9:ee:53:c0:b8:
                    eb:82:4c:52:70:9e:e3:42:06:b2:f3:44:05:ca:2a:
                    82:7f:56:f7:3b:8a:a4:91:33:dd:b2:e1:21:d9:d1:
                    28:4c:9f:ac:62:a7:2e:ac:7d:3e:c7:96:81:36:b8:
                    a5:00:69:eb:1f:2a:ad:38:98:70:2a:9f:31:e6:c1:
                    04:ae:99:e2:ef:db:e8:28:a1:4d:af:25:f6:6f:10:
                    88:74:0a:b2:cc:63:a6:cc:51:50:9c:dd:64:aa:53:
                    23:3d:b5:af:10:16:f4:cd:c4:97:df:2a:dd:7f:d1:
                    15:28:65:97:53:60:96:3d:13:85:d2:75:43:ec:12:
                    8c:85:1f:db:6c:45:ba:13:6e:97:92:1d:5b:62:92:
                    33:96:a6:20:f3:e3:c0:04:a0:c0:e3:03:de:c0:d3:
                    59:7a:69:dd:fe:d4:b4:3e:3e:77:85:d2:98:11:2c:
                    f1:53:36:62:58:8c:63:97:70:bb:6f:8f:50:f9:36:
                    47:4e:56:3a:f5:c0:81:d6:ad:09:cf:64:95:71:9c:
                    5f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DE:45:10:EB:A2:1F:16:35:06:FB:28:EF:5B:5C:AB:2C:E7:FC:51
            X509v3 Authority Key Identifier:
                keyid:1C:5C:72:EE:42:2C:61:66:7E:30:56:DE:6B:3F:FC:E0:34:30:51:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HFxy7kIsYWZ-MFbeaz_84DQwUXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/NN5FEOuiHxY1Bvso71tcqyzn_FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e08d0e-ee4c-4ae1-9e0b-1278a42e092a/1/HFxy7kIsYWZ-MFbeaz_84DQwUXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.66.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:ad:81:4f:90:12:a4:39:d5:dd:38:3c:7a:b0:57:99:63:02:
         94:8b:5d:1c:76:56:63:22:3b:1b:bd:e3:0b:84:2b:bd:2a:f0:
         17:b8:86:32:76:6f:aa:52:28:2e:6c:19:e0:e8:5c:b8:32:d9:
         d9:3c:c8:4e:88:43:2d:69:dd:9b:4e:4b:93:a5:1e:3b:b1:0b:
         c7:9b:dd:ff:55:6f:c6:44:52:72:f2:1d:48:1a:5a:39:3c:f0:
         e3:26:ea:ed:7a:a0:02:7a:a5:a7:21:7a:46:57:77:a9:19:88:
         d6:d0:f6:1c:d0:38:2a:30:b1:9d:dc:ce:9d:22:4b:a9:b2:77:
         5a:d3:9b:d2:88:55:55:c8:97:15:ee:a7:7c:b3:79:f9:65:68:
         85:ce:0d:9e:ba:e3:2c:7c:44:0f:cf:89:d9:5b:e8:a6:3c:f9:
         e6:62:ec:ef:8a:49:01:22:47:59:38:bf:e3:ca:b9:45:b0:61:
         27:13:0b:56:09:1d:4a:67:10:49:71:13:77:8a:28:8a:00:02:
         85:46:c6:7b:9c:23:a9:e0:1c:8b:b9:a0:2d:d1:6d:eb:c9:07:
         b5:74:29:a9:f4:8a:64:cb:14:2f:67:2b:9b:9c:38:21:c3:ac:
         a2:c3:77:1c:21:04:16:ae:b2:ed:84:a7:ac:a9:22:b9:84:2f:
         56:db:77:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnruz+34UL/s6fD7qySJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNWM3MmVlNDIyYzYxNjY3ZTMwNTZkZTZiM2ZmY2UwMzQz
MDUxNzUwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRlNDUxMGViYTIxZjE2MzUwNmZiMjhlZjViNWNhYjJjZTdmYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoAYv35tRwXEFkWpCBKKLnaRhh3i
/PybZloQh7Bl6HkOtGcab0u0kkKXzPjnyGbM9VL/Kduz+e5TwLjrgkxScJ7jQgay
80QFyiqCf1b3O4qkkTPdsuEh2dEoTJ+sYqcurH0+x5aBNrilAGnrHyqtOJhwKp8x
5sEErpni79voKKFNryX2bxCIdAqyzGOmzFFQnN1kqlMjPbWvEBb0zcSX3yrdf9EV
KGWXU2CWPROF0nVD7BKMhR/bbEW6E26Xkh1bYpIzlqYg8+PABKDA4wPewNNZemnd
/tS0Pj53hdKYESzxUzZiWIxjl3C7b49Q+TZHTlY69cCB1q0Jz2SVcZxf0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTeRRDroh8WNQb7KO9bXKss5/xRMB8GA1UdIwQY
MBaAFBxccu5CLGFmfjBW3ms//OA0MFF1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEZ4eTdrSXNZV1otTUZiZWF6Xzg0RFF3VVhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9lMDhkMGUtZWU0Yy00YWUxLTllMGIt
MTI3OGE0MmUwOTJhLzEvTk41RkVPdWlIeFkxQnZzbzcxdGNxeXpuX0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9lMDhkMGUtZWU0Yy00YWUxLTllMGItMTI3OGE0MmUwOTJh
LzEvSEZ4eTdrSXNZV1otTUZiZWF6Xzg0RFF3VVhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX0LiMA0G
CSqGSIb3DQEBCwUAA4IBAQAtrYFPkBKkOdXdODx6sFeZYwKUi10cdlZjIjsbveML
hCu9KvAXuIYydm+qUigubBng6Fy4MtnZPMhOiEMtad2bTkuTpR47sQvHm93/VW/G
RFJy8h1IGlo5PPDjJurteqACeqWnIXpGV3epGYjW0PYc0DgqMLGd3M6dIkupsnda
05vSiFVVyJcV7qd8s3n5ZWiFzg2euuMsfEQPz4nZW+imPPnmYuzvikkBIkdZOL/j
yrlFsGEnEwtWCR1KZxBJcRN3iiiKAAKFRsZ7nCOp4ByLuaAt0W3ryQe1dCmp9Ipk
yxQvZyubnDghw6yiw3ccIQQWrrLthKesqSK5hC9W23f+
-----END CERTIFICATE-----